Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

12,451 advisories

Loading
Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation High
CVE-2026-45013 was published for apostrophe (npm) May 14, 2026
Mujahidkhan525 Credited to Mujahidkhan525 and VadlaReddySai VadlaReddySai VadlaReddySai
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation Moderate
GHSA-ch3q-cw5r-f4hg was published for org.connectbot.sshlib:sshlib (Maven) Jun 12, 2026
kruton Credited to kruton
Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews. Critical
CVE-2026-47430 was published for cordova-plugin-inappbrowser (npm) Jun 8, 2026
NiklasMerz Credited to NiklasMerz
Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs) High
CVE-2026-53999 was published for github.com/radius-project/radius (Go) Jun 12, 2026
b0b0haha Credited to b0b0haha and j311yl0v3u j311yl0v3u j311yl0v3u
Apache Tomcat Improper Input Validation vulnerability Moderate
CVE-2023-45648 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 10, 2023
biehl1 Credited to biehl1, mpihelgas, and aruneko mpihelgas mpihelgas
aruneko aruneko
Apache Tomcat - Client certificate verification bypass Moderate
CVE-2025-66614 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 17, 2026
Jenson3210 Credited to Jenson3210 and yusuke-koyoshi yusuke-koyoshi yusuke-koyoshi
guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator Moderate
CVE-2026-53723 was published for guzzlehttp/guzzle-services (Composer) Jun 11, 2026
GrahamCampbell Credited to GrahamCampbell
guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation Moderate
CVE-2026-48998 was published for guzzlehttp/psr7 (Composer) Jun 11, 2026
edorian Credited to edorian
guzzlehttp/psr7 has CRLF Injection via URI Host Component Moderate
CVE-2026-49214 was published for guzzlehttp/psr7 (Composer) Jun 11, 2026
edorian Credited to edorian
Routinator crashes when sending a maliciously crafted select-asn query parameter High
CVE-2026-49234 was published for routinator (Rust) Jun 8, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges... High Unreviewed
CVE-2026-44811 was published Jun 9, 2026
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution Moderate
CVE-2025-58175 was published for org.geoserver.web:gs-web-app (Maven) Jun 12, 2026
lemauanhphong Credited to lemauanhphong and jodygarnett jodygarnett jodygarnett
A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can... Critical Unreviewed
CVE-2026-50632 was published Jun 12, 2026
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which... Critical Unreviewed
CVE-2026-50633 was published Jun 12, 2026
Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList() Moderate
GHSA-9r4w-jg96-92mv was published for github.com/google/go-attestation (Go) Jun 12, 2026
prasanna8585 Credited to prasanna8585
A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP... Unknown Unreviewed
CVE-2026-50628 was published Jun 12, 2026
A malicious actor with access to the network and low privileges could exploit an Improper Input... Critical Unreviewed
CVE-2026-47369 was published Jun 12, 2026
A malicious actor with access to the network and low privileges could exploit an Improper Input... Critical Unreviewed
CVE-2026-47370 was published Jun 12, 2026
A malicious actor with access to the network and low privileges could exploit an Improper Input... Critical Unreviewed
CVE-2026-47367 was published Jun 12, 2026
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a... Low Unreviewed
CVE-2026-12017 was published Jun 12, 2026
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115... Moderate Unreviewed
CVE-2026-12025 was published Jun 12, 2026
Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux... High Unreviewed
CVE-2026-12034 was published Jun 12, 2026
Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149... High Unreviewed
CVE-2026-12009 was published Jun 12, 2026
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a... High Unreviewed
CVE-2026-12016 was published Jun 12, 2026
Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds High
CVE-2026-48110 was published for russh (Rust) Jun 11, 2026
mjc Credited to mjc
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database